Control-flow Reconstruction Attacks on Business Process Models

Process models may be automatically generated from event logs that contain as-is data of a business process. While such models generalize over the control-flow of specific, recorded process executions, they are often also annotated with behavioural statistics, such as execution frequencies.Based the...

Full description

Saved in:
Bibliographic Details
Published inarXiv.org
Main Authors Kirchmann, Henrik, Fahrenkrog-Petersen, Stephan A, Mannhardt, Felix, Weidlich, Matthias
Format Paper
LanguageEnglish
Published Ithaca Cornell University Library, arXiv.org 17.09.2024
Subjects
Annotations
Reconstruction
Online AccessGet full text

Cover

More Information
Summary:Process models may be automatically generated from event logs that contain as-is data of a business process. While such models generalize over the control-flow of specific, recorded process executions, they are often also annotated with behavioural statistics, such as execution frequencies.Based thereon, once a model is published, certain insights about the original process executions may be reconstructed, so that an external party may extract confidential information about the business process. This work is the first to empirically investigate such reconstruction attempts based on process models. To this end, we propose different play-out strategies that reconstruct the control-flow from process trees, potentially exploiting frequency annotations. To assess the potential success of such reconstruction attacks on process models, and hence the risks imposed by publishing them, we compare the reconstructed process executions with those of the original log for several real-world datasets.
ISSN:2331-8422